Posts

Mozilla on Thursday announced the rollout of version 57.0.4 for Release channel users on desktop and mobile. The update features security fixes to resolve recent security flaws, namely, the Meltdown and Spectre attacks.

In a release note, Firefox has announced the availability of version 57.0.4 of its browser on desktop platforms including Windows, macOS, and Linux; apart from Android. The highlights of this update are security fixes for Meltdown and Spectre attacks.

Meltdown and Spectre security flaws have been found in Intel, AMD, and ARM CPUs, putting most computers and mobile phones at risk. Meltdown is specific to Intel CPUs but Spectre affects all devices alike. Meltdown lets hackers bypass the hardware barrier, allowing them to read a computer’s passwords and other sensitive information.

Google claims that it had briefed affected companies about the ‘Spectre’ bug in June and the ‘Meltdown’ bug in July last year. While Google has already issued security updates to protect against these attacks, browsers need to push updates to protect attacks through JavaScript. Mozilla, in version 57.0.4, has disabled the SharedArrayBuffer feature to prevent against Meltdown attacks.

Apple also recently announced that all Mac and iOS devices had been affected by Meltdown and Spectre, and to resolve the latter bug, will be issuing a fix for Safari in the coming days. However, no such update has been issued by Mozilla for Firefox for iOS.

“In the longer term, we have started experimenting with techniques to remove the information leak closer to the source, instead of just hiding the leak by disabling timers,” said Mozilla in a blog postregarding prevention against attacks like Meltdown and Spectre.